2 Replies Latest reply on Jul 3, 2012 9:50 PM by Hayton

    McAfee says it's fixed but trojan "generic.grp!jl" keeps looping

      McAfee message keeps saying "Trojan Removed" but "generic.grp!jl" message keeps returning every 2 minutes or so.  Ran McAfee total computer scan and found no viruses.  I am still concerned that this recurring trojan is persistent.  Can you help?

       

      Message was edited by: uneedtoknow on 03/07/12 11:07:35 CDT AM
        • 1. Re: McAfee says it's fixed but trojan "generic.grp!jl" keeps looping

          I have the same problem - it's a symptom of other problems in my case. Currently, I am doing a full Windows re-install. From my reading even this may not be successful. McAfee has been no help! I have tried the McAfee AV, rootkit tool, stinger, MBAM, Kaspersky, etc. etc... so best of luck!

          • 2. Re: McAfee says it's fixed but trojan "generic.grp!jl" keeps looping
            Hayton

            Moved to Malware Discussion (Home User Assistance) in Security Awareness, to be with other similar threads.

             

            This Trojan "generic.grp!jl" appears in a VirusTotal list on June 25th, and the equivalent Microsoft name for it there is "Trojan:Win32/Sirefef.P". Confusingly, on the Microsoft page for this malware it says the McAfee name for it is "FakeAlert-GA.gen.r", so the identification is not certain, especially as a later VirusTotal list links Microsoft's "Sirefef.P" with McAfee's "PWS-Zbot.gen.ads".

             

            This confusion makes it difficult to be sure what is causing the symptoms you describe. This is what Microsoft has to say about the Trojan:

            Trojan:Win32/Sirefef.P is a trojan component of Win32/Sirefef - a multi-component family of malware that moderates an affected user's Internet experience by modifying search results, and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or executing payload routines.

            Installation

            Trojan:Win32/Sirefef.P is installed by other malware and may be present as a file named "wpbt0.dll". The trojan component is responsible for downloading other malicious components.

             

             

            Either the Trojan is not actually being removed by McAfee (possible, if a rootkit is present) or immediately after deletion some other malware is replacing it, which implies it exists in some hidden part of the file system.

             

            A system restore seems to be effective, in at least some cases. Otherwise Microsoft are advising, for some variants of this, that a complete reinstallation of the OS may be necessary.
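
The two possibilities raised in the reply above (the file is never really removed, or another component writes it back after each removal) can be told apart by polling the flagged path between alerts and comparing the file's creation time with the time of each "Trojan Removed" message. The following is an added example, not part of the original thread and not a McAfee tool; the function names, the polling approach and the sample data are assumptions made for illustration.

```python
import os
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class Snapshot:
    t: float                  # when the check ran (epoch seconds)
    created: Optional[float]  # file creation time, None if the file was not visible

def take_snapshot(path: str, now: float) -> Snapshot:
    """Poll the path named in the alert. On Windows st_ctime is the creation
    time; a rootkit can hide the file from this user-mode check."""
    try:
        return Snapshot(now, os.stat(path).st_ctime)
    except OSError:
        return Snapshot(now, None)

def classify_removal(removed_at, next_alert, snaps):
    """Classify one 'Trojan Removed' event from snapshots taken before the next alert."""
    window = [s for s in snaps if removed_at < s.t <= next_alert]
    if not window:
        return "no-data"
    if any(s.created is not None and s.created > removed_at for s in window):
        return "re-created"      # a fresh copy was written after the removal
    if all(s.created is not None for s in window):
        # Hint only: NTFS tunneling can carry the old creation time over to a
        # file re-created under the same name within a few seconds.
        return "never-removed"   # the old file is still there
    if all(s.created is None for s in window):
        return "not-visible"     # gone or hidden, yet the alert came back
    return "inconsistent"

def classify_loop(removals, snaps):
    """Return (most common verdict, per-verdict counts) over all removal events."""
    counts = Counter()
    for i, r in enumerate(removals):
        nxt = removals[i + 1] if i + 1 < len(removals) else float("inf")
        counts[classify_removal(r, nxt, snaps)] += 1
    return (counts.most_common(1) or [("no-data", 0)])[0][0], dict(counts)

# Constructed data: an alert every 120 s (as in the first post), polls every 30 s.
REMOVALS = [0, 120, 240]
REDROPPED = [Snapshot(30, None), Snapshot(90, 85), Snapshot(120, 85),
             Snapshot(150, None), Snapshot(210, 205), Snapshot(240, 205),
             Snapshot(270, None), Snapshot(300, 295)]
STUCK = [Snapshot(t, -1000) for t in range(30, 330, 30)]
```

A "re-created" verdict points to a second component that survives the scan, while "not-visible" with recurring alerts is consistent with the hidden-file case mentioned above.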